Google Encrypts More Searches

Today, Google announced that it is switching its Search service for logged-in users over from insecure HTTP to encrypted HTTPS. This is a significant win for users: HTTPS is an essential protection against surveillance and alteration of your search traffic — whether by governments, companies, or hackers. Today's change appears to be designed to end a series of attacks that identified or tracked people based on the personalized search results Google gives them — but the protection also extends to outgoing search terms in many situations.

There is one small caveat that users should be aware of with the new encrypted-when-logged-in Google. If you click on an advertisement, and the advertiser's website is HTTP rather than HTTPS, Google will send the search terms for that specific query to the advertiser over HTTP. The encrypted.google.com domain will continue to exist and will not have that behavior: on that domain, advertisers only get to see the search that lead to a click-through if they use HTTPS. Privacy conscious users should keep using HTTPS Everywhere, which will ensure that you're always using the encrypted.google.com domain. And of course, HTTPS Everywhere will also keep protecting you if you prefer to use Google Search without being logged in.

Related Updates

As the presidential campaign was in full swing early last year, now-President Trump made his feelings on encryption clear. Commenting on the Apple-FBI fight in San Bernardino, Trump threatened to boycott Apple if they didn’t cooperate: “to think that Apple won't allow us to get into [the] cell phone,” Trump...

Peter Eckersley of the Electronic Frontier Foundation (EFF) built upon former senator Ted Stevens’ analogy that said the internet is like a bunch of tubes, saying, “If you use HTTP, those tubes are totally transparent. Anyone along the way can look inside and see exactly what you’re doing.” Use HTTPS...

This year was one of the busiest in recent memory when it comes to cryptography law in the United States and around the world. But for all the Sturm und Drang, surprisingly little actually changed in the U.S. In this post, we’ll run down the list of things that happened...

This was a great year for adoption of HTTPS encryption for secure connections to websites. HTTPS is an essential technology for security and privacy on the Web, and we've long been asking sites to turn it on to protect their users from spying (and from censorship and tampering with site...

Many have contacted us with concerns about yesterday’s election results. At this critical moment, we want digital civil liberties supporters worldwide to feel confident that EFF remains steadfast in its mission and method: to use law and technology to champion civil liberties and provide a potent check against overreach. EFF...

"There has been a crazy chicken-and-egg problem holding up the deployment of secure encryption on the web," said Peter Eckersley, chief computer scientist at the Electronic Frontier Foundation and co-founder of the Let's Encrypt project. "Browsers tried to protect users by blocking insecure parts of secure HTTPS pages, but that...

After more than 15 years as a web developer and environmental and human rights activist, Bill Budington kept noticing the same problems. Whether it was unpatched hosts or outdated and expired software, many of the non-profits he worked with were highly vulnerable to cyber attacks. Making matters worse, Bill noticed...

Last weekend EFF took part in the Eleventh Hackers On Planet Earth (HOPE) conference in New York City and got to meet so many of our wonderful supporters. We've collected the HOPE talks given by EFF staff below, with the official program abstract, video, and where applicable, the original slides...

Google also recently announced an optional end-to-end encrypted mode in its new messaging app, Allo — but the move drew fire from some privacy advocates, who typically cheer advances in commercial encryption. “Hey @google, what the shit? You support encryption? Turn it on by default, or don't bother playing,”...

“It meant that there was one person in Washington who had a clue about [encryption], which previously it looked like there were zero people in Washington who had a clue about this,” John Gilmore, the founder of the Electronic Frontier Foundation and one of the leaders of the Cypherpunks group...